package com.spring.jiminsecurity;

import org.apache.catalina.User;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.access.prepost.PreFilter;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.List;

@SpringBootApplication
@RestController
@EnableAutoConfiguration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class JiminSecurityApplication {

	public static void main(String[] args) {
		SpringApplication.run(JiminSecurityApplication.class, args);
	}

	@RequestMapping("/")
	public String home() {
		return "Hello Jimin's Security!";
	}

	@RequestMapping("/hello")
	public String hello() {
		return "Hello World!";
	}

	@PreAuthorize("hasRole('ROLE_ADMIN')")
	@RequestMapping("/role")
	public String role() {
		return "role_admin";
	}

	@PreAuthorize("#id < 10 and principal.username.equals(#username) and #user.username.equals('abc')")
	@PostAuthorize("returnObject%2 == 0")
	@RequestMapping("/role")
	public String test1(Integer id, String username, User user) {
		return "role_test";
	}

	@PreFilter("filterObject%2==0")
	@PostFilter("filterObject%2==0")
	@RequestMapping("/role")
	public List<Integer> test2(List<Integer> id) {
		return id;
	}
}
